Using Certificate-Transparency to grab a list of all hostnames a CA has issued certificates for

Posted by erik on August 31, 2015

Certificate Transparency is an approach to improve the security of CAs issuing X.509 certificates by running a public audit log for all issued certificates. Before a CA issues a certificate, the tbsCertificate structure (which is effectively the whole certificate without the signature) is submitted to a certificate transparency server. Should a CA issue (willingly or due to a compromise) a fraudulent certificate, there are two possible outcomes: either the certificate is immediately available in the audit log, where an independent third party can spot it before it causes damage, or it is missing from the audit log, in which case spotting it in the wild is direct proof that the CA has been compromised.

How to get the hostnames from the log

Since the CT API does not have a single command that returns all the names the CA has issued certificates for, I decided to write a spider myself in Python. The tool is available on GitHub. To download, simply type:

The result should be a sorted list of all hostnames (including wildcards) DigiCert ever issued a certificate for.
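How a spider can split the log's answers into certificates is shown below as an added example; it is not the code of the tool described in this post. It parses the `leaf_input` field that an RFC 6962 `get-entries` call returns for each entry. The function names and the sample bytes are constructed for this illustration.

```python
import base64
import struct

X509_ENTRY, PRECERT_ENTRY = 0, 1  # LogEntryType values from RFC 6962


def parse_leaf_input(leaf_input_b64):
    """Split one get-entries "leaf_input" (an RFC 6962 MerkleTreeLeaf) into
    (timestamp_ms, entry_type, der). der is a full certificate for an
    x509_entry and a bare tbsCertificate for a precert_entry."""
    data = base64.b64decode(leaf_input_b64, validate=True)
    if len(data) < 12:
        raise ValueError("leaf shorter than its fixed header")
    # version (1 byte), leaf_type (1), timestamp (8), entry_type (2)
    version, leaf_type, timestamp, entry_type = struct.unpack(">BBQH", data[:12])
    if version != 0 or leaf_type != 0:
        raise ValueError("not a v1 timestamped_entry leaf")
    pos = 12
    if entry_type == PRECERT_ENTRY:
        pos += 32  # skip issuer_key_hash (SHA-256 of the issuer's public key)
    elif entry_type != X509_ENTRY:
        raise ValueError("unknown entry type %d" % entry_type)
    length = int.from_bytes(data[pos:pos + 3], "big")  # 24-bit length prefix
    der = data[pos + 3:pos + 3 + length]
    if len(data) < pos + 3 or length == 0 or len(der) != length:
        raise ValueError("truncated entry")
    return timestamp, entry_type, der


def make_leaf(entry_type, der, issuer_key_hash=b""):
    """Build a constructed leaf_input for the demo (not data from a real log)."""
    body = struct.pack(">BBQH", 0, 0, 1440979200000, entry_type) + issuer_key_hash
    body += len(der).to_bytes(3, "big") + der + b"\x00\x00"  # empty extensions
    return base64.b64encode(body).decode()


if __name__ == "__main__":
    fake_der = b"\x30\x03\x02\x01\x05"  # constructed DER stub, not a certificate
    for kind, ikh in ((X509_ENTRY, b""), (PRECERT_ENTRY, b"\x11" * 32)):
        print(parse_leaf_input(make_leaf(kind, fake_der, ikh)))
```

The returned DER bytes are what an X.509 parser needs to read the subject common name and the subjectAltName entries.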

Future work

So far, no special verification of the data supplied by the DigiCert server is done. Feel free to submit patches on GitHub to improve this code. Also feel free to play with the data and spot any hostnames in the result that look suspicious to you.
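One form such verification could take, as an added example that is not part of the tool: recompute the RFC 6962 Merkle tree hash over all downloaded entries and compare it with the `tree_size` and `sha256_root_hash` the log publishes in its signed tree head (`get-sth`). The function names and sample leaves are constructed here, and the check of the log's signature over the tree head is left out.

```python
import hashlib
import hmac


def leaf_hash(leaf_input):
    # RFC 6962 prefixes leaves with 0x00 and inner nodes with 0x01 so a leaf
    # can never be passed off as an inner node (second-preimage defence).
    return hashlib.sha256(b"\x00" + leaf_input).digest()


def merkle_root(leaves):
    """RFC 6962 Merkle Tree Hash over the raw (base64-decoded) leaf_input values."""
    n = len(leaves)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(leaves[0])
    k = 1
    while k * 2 < n:  # k = largest power of two strictly smaller than n
        k *= 2
    left, right = merkle_root(leaves[:k]), merkle_root(leaves[k:])
    return hashlib.sha256(b"\x01" + left + right).digest()


def matches_sth(leaves, tree_size, root_hash):
    """True only if exactly tree_size leaves were downloaded and they hash to
    the root the log published in its signed tree head."""
    return len(leaves) == tree_size and hmac.compare_digest(
        merkle_root(leaves), root_hash)


if __name__ == "__main__":
    # Constructed stand-ins for decoded leaf_input values, not real log data.
    leaves = [b"leaf-%d" % i for i in range(5)]
    root = merkle_root(leaves)
    print(matches_sth(leaves, 5, root))                  # complete download
    print(matches_sth(leaves[:4], 5, root))              # an entry is missing
    print(matches_sth(leaves[:2] + [b"x"] + leaves[3:], 5, root))  # altered
```

A mismatch means the list of hostnames was built from an incomplete or altered set of entries and should not be trusted as the log's full contents.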

Better seeding of the OpenSSL random number generator for gensafeprime

Posted by erik on July 27, 2015

Previous releases of gensafeprime up to 1.3 used the OpenSSL library to generate safe prime numbers, but did not add a seed to the OpenSSL PRNG. As a result, it might be possible to guess these numbers. The OpenSSL man page for BN_generate_prime specifies:

The PRNG must be seeded prior to calling BN_generate_prime(). The prime number generation has a negligible error probability.

To fix that problem, gensafeprime 1.4 has been released. The release contains a patch that seeds the OpenSSL PRNG from the Python os.urandom source of entropy, which should be sufficient for cryptographic applications.

All users of the previous versions are encouraged to update to gensafeprime 1.4.

If the native support for long numbers in Python seems to be too slow, there is gmpy, a Python C binding that allows you to use the GMP library from your Python code. Due to the nice operator overloading in Python, you don’t need to change anything in your calculations, except for the initialization of your data.

GMP supports finding prime numbers and also efficient prime testing, but there is no support for generating safe prime numbers in Python and/or in GMP. A number is a safe prime number, if is prime, and is a prime number too. OpenSSL supports the generation of such numbers. So I decided to write an OpenSSL Python binding, to make it possible to generate these numbers in a Python script, without having to call an external program.

My implementation gensafeprime can be downloaded from GitHub, and is also available on PyPI. Using the code is easy. The following example will generate a 512 bit safe prime number:

Stunnel is a general purpose SSL/TLS proxy. I explained in my last posting how to use stunnel with Android, so that Android apps can communicate with a server through SSL/TLS with mutual authentication and encryption. For many people, running stunnel on their home router as a gatekeeper might be a good option. OpenWRT is an open source operating system that can be flashed on many routers, wireless LAN access points and other devices.

How to install OpenWRT is not covered by this posting. Instead I suggest reading the general documentation on the OpenWRT website. After OpenWRT is running, there are two ways to install stunnel.

Install with opkg

The easiest way to install stunnel on OpenWRT is opkg. Just execute:

opkg update; opkg install stunnel

However, the space on many routers is limited, and this might fail.

Install with ImageBuilder

Those who don’t have enough space on their router can still try the ImageBuilder. It generates a new firmware image in which stunnel is compressed much better. We need to build an image like:

make image PACKAGES="stunnel"

Other options may also need to be set, depending on your platform. After the image has been generated, it can be flashed on the device.

Configuring stunnel

Because some paths are different, we need to adjust the stunnel.conf from the last posting.

All certificate and key files are placed in /etc/stunnel/. Now we can start it with /etc/init.d/stunnel start. Rebooting the device might also be a good idea, to check whether stunnel still works after a reboot.

Assume that you want to write an Android application that needs to communicate with your server or your wireless router at home, for personal use. You might be interested in securing this communication against eavesdropping, so that nobody else sees what your application sends and receives. You also might be interested in authenticating your communication, so that you can be sure that only your application and your server or router communicate, and nobody else is able to modify the transmitted content without being noticed. The SSL/TLS protocol is a perfect solution for this problem, so you don’t need to invent a solution yourself.

Certificates

To ensure authenticity of both communication partners, X.509 certificates can be used. Most secure websites on the internet, like PayPal, eBay, or Amazon, use X.509 certificates only for the server, and the client is authenticated using a username and a password. For this example, X.509 certificates will be used for both communication partners.

To generate two self-signed X.509 certificates, the following script can be used. It will generate two new RSA 2048 bit keys, generate two self-signed certificates, and bundle the client certificate with the corresponding private key and the server's public certificate in a PKCS#12 container file.

Stunnel

We will use stunnel for the server. Stunnel is a lightweight general SSL/TLS wrapper and proxy. First, we copy cert-client.pem, cert-server.pem and key-server.pem to the server, into /etc/ssl/stunnel or another directory. Next is the stunnel configuration file:

This will set up a stunnel server, listening on port 1279, and forwarding the unencrypted communication to target port 1280. It will only allow connections from a client, presenting a valid certificate.
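A configuration matching this description is sketched here as an added example; it is not the file from the original post. The paths and ports follow the text above, the service name `[app]` is a placeholder, and the `verify` level is the setting that turns a plain TLS listener into one that rejects unknown clients.

```ini
; Server certificate and private key presented to the client.
cert = /etc/ssl/stunnel/cert-server.pem
key = /etc/ssl/stunnel/key-server.pem

; The only certificate trusted for client authentication: the client's
; self-signed certificate.
CAfile = /etc/ssl/stunnel/cert-client.pem

; With no verify option stunnel does not check the client certificate at
; all, so any TLS client could connect. Level 3 requires the peer to present
; a certificate that is installed locally (here: the one in CAfile).
verify = 3

[app]
; Listen for TLS connections on 1279, hand the decrypted stream to 1280.
accept = 1279
connect = 1280
```

On OpenWRT the same options apply with the files under /etc/stunnel/ instead.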